Random Restarts, Odd Behavior, Questionable Files (Need help analyzing my PC)


  • This topic is locked
17 replies to this topic

#1 Prints


Posted 26 October 2017 - 08:20 PM

Hi Guys,
I've been coming over here to BleepingComputer for a while now for tools and fixes if needed. I've never made a post like this before though. I've been having some problems with a laptop lately in my apt. (Toshiba Satellite C55DT-B5128) There is a modification to this machine. The maximum installable amount of RAM it lists in its specs is 4GB. But when I read about it, I realized it did in fact have a second slot - and it's commonly used to add another 4GB stick, bringing it up to 8GB. I really don't think this has to do with my issue, but I thought it was probably a good idea to mention it.
 
I get things like this in Event Viewer:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571 for more information.

The only thing I found it linked to was Zemana's Anti-Keylogger, so maybe it's just doing what it normally does - not sure. That's wininit as a source and ID 11.
 
And I get random reboots. One just happened, and it seems that if I'm doing something a bit heavier like running a GPU task on BOINC or something, there's something wrong. Maybe it's just my bad luck with defective laptops. Not sure. Anyhow, here is what Event Viewer says is happening around the reboot times. Sometimes I don't have time to check:
 
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Name: System, Source Kernel-Power, ID: 41, Level: Critical.
 
The previous system shutdown at 4:16:55 PM on 10/26/2017 was unexpected. ID: 6008
The last shutdown's success status was false. The last boot's success status was true. ID: 20
Virtualization-based security (policies: 0) is disabled. ID: 153
 
 
Right before that, here's what Event Viewer says is going on:
 
File System Filter 'npsvctrig' (10.0, 2097-07-25T03:18:05.000000000Z) has successfully loaded and registered with Filter Manager. Name: System, Source: Filter Manager, ID:6, Level: Info

File System Filter 'eamonm' (6.3, 2016-10-17T05:22:19.000000000Z) has successfully loaded and registered with Filter Manager.

File System Filter 'FileCrypt' (10.0, 2030-05-28T01:10:59.000000000Z) has successfully loaded and registered with Filter Manager.
 
I also see this everywhere, source Service Control Manager:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. ID: 7040 - and then back....
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. ID: 7040
 
Now that I have that out of the way, here are the FRST logs that I just ran after the computer rebooted. I've never done this before, but I figured it couldn't hurt and I could possibly finally get an answer :)

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by Jon (administrator) on 3V1L (26-10-2017 16:44:58)
Running from C:\Users\Jon\Desktop\recov
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
() C:\Program Files (x86)\ArsClip\ArsClip.exe
() C:\Program Files\AMD\ATI.ACE\a4\AdaptiveSleepService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\ProgramData\BOINC\projects\numberfields.asu.edu_NumberFields\GetDecics_2.12_windows_x86_64
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Slack Technologies) C:\Users\Jon\AppData\Local\slack\app-2.8.2\slack.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69928 2016-06-05] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8738088 2016-06-05] (Space Sciences Laboratory)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [Google Update] => C:\Users\Jon\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [638592 2017-07-14] ()
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Jon\AppData\Local\slack\Update.exe [1584656 2017-10-24] ()
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-02-17]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-02-17]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.lnk [2017-04-06]
ShortcutTarget: ArsClip.lnk -> C:\Program Files (x86)\ArsClip\ArsClip.exe ()
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{737d4bee-5b83-4042-8222-f6a4f4c28c03}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8a0b92ff-d4cd-4f9e-b54f-27f16d555b48}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b8d2f21f-de78-43dc-9ab7-9654cf9ff152}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fd969b9f-b51c-42ef-8e67-f447ef840754}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.duckduckgo.com/
SearchScopes: HKU\S-1-5-21-859792479-1463366279-3842450767-1001 -> {922508C9-1EFD-40D9-AE77-E7DBB991543E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-17] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-17] (LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-17] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-17] (LastPass)
 
FireFox:
========
FF DefaultProfile: mwp8qem7.default
FF DefaultProfile: 1w789tyj.default
FF ProfilePath: C:\Users\Jon\AppData\Roaming\ParseHub\parsehub\Profiles\mwp8qem7.default [2017-03-26]
FF Extension: (ParseHub) - C:\Users\Jon\AppData\Roaming\ParseHub\parsehub\Profiles\mwp8qem7.default\Extensions\parsehub2@parsehub.com.xpi [2017-03-26] [not signed]
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default [2017-10-25]
FF Homepage: Mozilla\Firefox\Profiles\1w789tyj.default -> hxxp://www.duckduckgo.com
FF Session Restore: Mozilla\Firefox\Profiles\1w789tyj.default -> is enabled.
FF Extension: (Firebug) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01]
FF Extension: (Personas Plus) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\personas@christopher.beard.xpi [2017-05-24]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\support@lastpass.com [2017-10-25]
FF Extension: (uBlock Origin) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-25]
FF Extension: (NoScript) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-25]
FF Extension: (Web Developer) - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1w789tyj.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06]
FF HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-10-16] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-17] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-17] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-859792479-1463366279-3842450767-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-859792479-1463366279-3842450767-1001: @talk.google.com/O1DPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-859792479-1463366279-3842450767-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-859792479-1463366279-3842450767-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&atb=v67-7b_
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default [2017-10-26]
CHR Extension: (Slides) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (myPlex Queue Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2015-09-25]
CHR Extension: (Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Web Developer) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-02]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-10-16]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2015-09-25]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-16]
CHR Extension: (Sheets) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Plex) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (ScriptBlock) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2017-01-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-21]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-09]
CHR Extension: (WavesLiteApp) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmcaklajknfekomaflnhkjjkcjabogm [2017-10-18]
CHR Extension: (Snapmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjoclikoefepdgaplgjlafinekbephji [2017-04-14]
CHR Extension: (Google Play Last.fm Scrobbler) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpepekkleeoeiloijhcafgpjdnhhcbl [2017-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (My Chrome Theme) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-09-25]
CHR Extension: (BackStop) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidcjgldchekcoolelhbjfbnccjkckfj [2015-09-25]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
CHR Extension: (Chrome Media Router) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-01]
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-29]
CHR Extension: (Google Slides) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (Web Developer) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-02-24]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-09-29]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmagokdooijbeehmkpknfglimnifench [2016-05-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-24]
CHR Extension: (Google Sheets) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (Backspace means backspace!) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcicfpjmgbfalapmkdhfgldcnbamicnh [2016-05-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-24]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-24]
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-24]
CHR Extension: (Google Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-24]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-24]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-24]
CHR Extension: (Google Sheets) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-24]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-24]
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-09]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-05-05] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-06-08] () [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-09-27] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-17] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2017-05-24] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corp.)
S3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2092008 2017-09-25] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-01-09] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27376 2016-08-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [100744 2017-01-09] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [100136 2015-09-25] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [255368 2017-01-09] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-09-25] (Advanced Micro Devices)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows ® Win 7 DDK provider) [File not signed]
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [325008 2011-04-04] (EldoS Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-09-26] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2017-05-24] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2017-05-24] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2017-05-24] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2017-05-24] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2017-05-24] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2017-05-24] (ESET)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-06-02] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [96424 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBAudio; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [54440 2017-06-08] (Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2015-09-27] (Arainia Solutions LLC)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S3 MAUSBMOBILEPREII; C:\WINDOWS\system32\DRIVERS\MAudioMobilePreII.sys [464144 2013-05-23] (M-Audio)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-22] (Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-09-25] (Toshiba Corporation)
S3 VASDeviceDrm; C:\WINDOWS\system32\drivers\vasdDev.sys [1995648 2016-06-20] (ShiningMorning Inc.)
S3 VBAudioHFVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2017-08-23] (Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-08-25] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-08-17] (Windows ® Win 7 DDK provider)
U5 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [141600 2014-05-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-26 16:42 - 2017-10-26 16:44 - 000000000 ____D C:\Users\Jon\Desktop\recov
2017-10-26 12:32 - 2017-10-26 12:32 - 000000808 _____ C:\Users\Jon\Desktop\2017_Core-Work(1).txt
2017-10-26 12:18 - 2017-10-26 12:18 - 000000000 ____D C:\Users\Jon\Desktop\w7productkey-fail
2017-10-26 09:20 - 2017-10-26 12:30 - 000000000 ____D C:\Users\Jon\Desktop\1026
2017-10-24 16:11 - 2017-10-24 16:11 - 000002114 _____ C:\Users\Jon\Desktop\Kleopatra (2).lnk
2017-10-24 14:35 - 2017-10-24 14:35 - 000002195 _____ C:\Users\Jon\Desktop\Slack.lnk
2017-10-24 14:35 - 2017-10-24 14:35 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-10-24 14:34 - 2017-10-24 14:35 - 000000000 ____D C:\Users\Jon\AppData\Local\slack
2017-10-24 12:28 - 2017-10-24 12:28 - 000002114 _____ C:\Users\Jon\Desktop\Kleopatra.lnk
2017-10-24 09:23 - 2017-10-24 09:23 - 000001210 _____ C:\Users\Jon\Desktop\Dobbscoin.lnk
2017-10-23 12:08 - 2017-10-23 12:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-10-22 17:04 - 2017-10-22 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridcoinResearch
2017-10-22 13:18 - 2017-10-22 13:18 - 000001028 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2017-10-22 13:18 - 2017-10-22 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10
2017-10-22 13:17 - 2017-10-22 13:18 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 10
2017-10-22 12:01 - 2017-10-26 16:25 - 000000021 _____ C:\WINDOWS\S.dirmngr
2017-10-22 11:37 - 2017-10-22 11:37 - 002827595 _____ C:\Users\Jon\Desktop\GRIDCOIN_ERROR.psd
2017-10-22 11:13 - 2017-10-24 16:11 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Dobbscoin
2017-10-22 11:08 - 2017-05-12 19:51 - 000311296 _____ C:\Users\Jon\Desktop\wallet.dat
2017-10-21 16:46 - 2017-10-22 11:35 - 000317844 ____H C:\Users\Jon\Documents\~WRL0003.tmp
2017-10-21 16:01 - 2011-04-04 16:32 - 000325008 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2017-10-21 15:58 - 2017-10-21 15:58 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2017-10-21 15:58 - 2017-10-21 15:58 - 000000000 ____D C:\Program Files (x86)\DiskInternals
2017-10-21 14:35 - 2017-10-21 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2017-10-21 14:35 - 2017-10-21 14:35 - 000000000 ____D C:\Program Files\PowerDataRecovery
2017-10-20 23:13 - 2017-10-22 12:37 - 000000000 ____D C:\Program Files\A-FF Find and Mount
2017-10-20 22:51 - 2017-10-20 22:55 - 000000000 ____D C:\Program Files (x86)\PowerDataRecovery
2017-10-20 22:28 - 2017-10-20 22:32 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-10-20 20:41 - 2017-10-20 22:49 - 000000000 ____D C:\Program Files\MiniToolPowerDataRecovery
2017-10-19 14:38 - 2017-10-18 15:33 - 000000672 _____ C:\Users\Jon\Desktop\whatever - Copy.txt
2017-10-19 14:38 - 2017-10-18 15:14 - 000001013 _____ C:\Users\Jon\Desktop\E6C220B9687A547E7ED6B97E30000647FB02A576 - Copy.asc
2017-10-19 14:38 - 2017-10-07 12:18 - 000027956 _____ C:\Users\Jon\Desktop\jPx - Copy
2017-10-19 14:38 - 2017-10-03 01:44 - 000000897 _____ C:\Users\Jon\Desktop\ann_11 - Copy.txt
2017-10-19 14:38 - 2017-08-29 01:45 - 000001389 _____ C:\Users\Jon\Desktop\magi - Copy.lnk
2017-10-19 14:38 - 2017-08-21 03:16 - 000000107 _____ C:\Users\Jon\Desktop\ec2-54-183-204-202.us-west-1.compute.amazonaws.com - Copy.rdp
2017-10-19 14:37 - 2017-10-26 12:34 - 000000000 ____D C:\Users\Jon\Desktop\1019
2017-10-19 12:32 - 2017-10-19 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-19 12:00 - 2017-10-19 12:01 - 018249216 _____ C:\Users\Jon\Downloads\GridcoinResearch.msi
2017-10-19 10:36 - 2017-10-19 10:36 - 000010003 _____ C:\Users\Jon\Downloads\adam.zip
2017-10-18 17:08 - 2017-10-18 17:08 - 000033334 _____ C:\Users\Jon\Documents\magmawave_caps.zip
2017-10-18 15:12 - 2017-10-18 15:12 - 000000672 _____ C:\Users\Jon\Desktop\New Text Document.txt
2017-10-18 10:55 - 2017-10-18 10:53 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-10-17 15:50 - 2017-10-17 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-10-17 15:50 - 2017-10-17 15:50 - 000000000 ____D C:\Program Files (x86)\ImageWriter
2017-10-17 15:49 - 2017-10-17 15:50 - 012567188 _____ (ImageWriter Developers ) C:\Users\Jon\Downloads\win32diskimager-1.0.0-install.exe
2017-10-17 14:07 - 2017-10-17 14:08 - 000593660 _____ C:\WINDOWS\Minidump\101717-58578-01.dmp
2017-10-17 08:48 - 2017-10-17 08:48 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-17 08:48 - 2017-10-17 08:48 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-17 08:48 - 2017-10-17 08:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-17 08:48 - 2017-10-17 08:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-16 15:39 - 2017-10-16 15:39 - 000061718 _____ C:\Users\Jon\Downloads\ubuntu-17.04-desktop-amd64.iso.torrent
2017-10-16 10:40 - 2017-10-16 10:39 - 000000030 _____ C:\AVScanner.ini
2017-10-16 10:39 - 2017-10-16 10:39 - 000000000 ____D C:\ProgramData\McAfee
2017-10-15 23:07 - 2017-10-15 23:07 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-15 22:51 - 2017-09-29 19:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-15 22:51 - 2017-09-29 19:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-15 22:51 - 2017-09-29 19:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-15 22:51 - 2017-09-29 00:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-15 22:51 - 2017-09-29 00:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-15 22:51 - 2017-09-29 00:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-15 22:51 - 2017-09-29 00:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-15 22:51 - 2017-09-29 00:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-15 22:50 - 2017-09-29 22:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-15 22:50 - 2017-09-29 22:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-15 22:50 - 2017-09-29 22:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-15 22:50 - 2017-09-29 22:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-15 22:50 - 2017-09-29 22:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-15 22:50 - 2017-09-29 22:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-15 22:50 - 2017-09-29 22:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-15 22:50 - 2017-09-29 22:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-15 22:50 - 2017-09-29 22:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-15 22:50 - 2017-09-29 22:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-15 22:50 - 2017-09-29 22:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-15 22:50 - 2017-09-29 22:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-15 22:50 - 2017-09-29 22:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-15 22:50 - 2017-09-29 22:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-15 22:50 - 2017-09-29 22:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-15 22:50 - 2017-09-29 22:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-15 22:50 - 2017-09-29 22:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-15 22:50 - 2017-09-29 22:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-15 22:50 - 2017-09-29 22:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-15 22:50 - 2017-09-29 19:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-15 22:50 - 2017-09-29 19:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-15 22:50 - 2017-09-29 19:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-15 22:50 - 2017-09-29 19:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-15 22:50 - 2017-09-29 19:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-15 22:50 - 2017-09-29 19:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-15 22:50 - 2017-09-29 19:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-15 22:50 - 2017-09-29 19:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-15 22:50 - 2017-09-29 19:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-15 22:50 - 2017-09-29 19:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-15 22:50 - 2017-09-29 19:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-15 22:50 - 2017-09-29 19:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-15 22:50 - 2017-09-29 19:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-15 22:50 - 2017-09-29 19:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-15 22:50 - 2017-09-29 19:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-15 22:50 - 2017-09-29 19:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-15 22:50 - 2017-09-29 19:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-15 22:50 - 2017-09-29 19:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-15 22:50 - 2017-09-29 19:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-15 22:50 - 2017-09-29 19:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-15 22:50 - 2017-09-29 19:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-15 22:50 - 2017-09-29 19:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-15 22:50 - 2017-09-29 19:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-15 22:50 - 2017-09-29 19:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-15 22:50 - 2017-09-29 19:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-15 22:50 - 2017-09-29 19:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-15 22:50 - 2017-09-29 19:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-15 22:50 - 2017-09-29 00:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-15 22:50 - 2017-09-29 00:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-15 22:50 - 2017-09-29 00:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-15 22:50 - 2017-09-29 00:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-15 22:50 - 2017-09-29 00:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-15 22:50 - 2017-09-29 00:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-15 22:50 - 2017-09-29 00:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-15 22:50 - 2017-09-29 00:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-15 22:50 - 2017-09-29 00:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-15 22:50 - 2017-09-29 00:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-15 22:50 - 2017-09-29 00:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-15 22:50 - 2017-09-29 00:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-15 22:50 - 2017-09-29 00:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-15 22:50 - 2017-09-29 00:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-15 22:50 - 2017-09-29 00:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-15 22:50 - 2017-09-29 00:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-15 22:50 - 2017-09-29 00:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-15 22:50 - 2017-09-29 00:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-15 22:50 - 2017-09-29 00:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-15 22:50 - 2017-09-29 00:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-15 22:50 - 2017-09-29 00:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-15 22:50 - 2017-09-29 00:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-15 22:50 - 2017-09-29 00:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-15 22:50 - 2017-09-29 00:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-15 22:50 - 2017-09-29 00:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-15 22:50 - 2017-09-29 00:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-15 22:50 - 2017-09-29 00:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-15 22:50 - 2017-09-29 00:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-15 22:50 - 2017-09-29 00:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-15 22:50 - 2017-09-29 00:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-15 22:50 - 2017-09-29 00:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-15 22:50 - 2017-09-29 00:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-15 22:50 - 2017-09-29 00:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-15 22:50 - 2017-09-29 00:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-15 22:50 - 2017-09-29 00:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-15 22:50 - 2017-09-29 00:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-15 22:50 - 2017-09-29 00:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-15 22:50 - 2017-09-29 00:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-15 22:50 - 2017-09-29 00:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-15 22:50 - 2017-09-29 00:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-15 22:50 - 2017-09-29 00:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-15 22:50 - 2017-09-29 00:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-15 22:50 - 2017-09-29 00:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-15 22:50 - 2017-09-29 00:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-15 22:50 - 2017-09-29 00:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-15 22:50 - 2017-09-29 00:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-15 22:50 - 2017-09-29 00:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-15 22:50 - 2017-09-29 00:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-15 22:50 - 2017-09-29 00:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-15 22:50 - 2017-09-29 00:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-15 22:50 - 2017-09-29 00:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-15 22:50 - 2017-09-29 00:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-15 22:50 - 2017-09-29 00:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-15 22:50 - 2017-09-29 00:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-15 22:50 - 2017-09-29 00:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-15 22:50 - 2017-09-29 00:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-15 22:50 - 2017-09-29 00:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-15 22:50 - 2017-09-29 00:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-15 22:50 - 2017-09-29 00:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-15 22:50 - 2017-09-29 00:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-15 22:50 - 2017-09-29 00:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-15 22:50 - 2017-09-29 00:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-15 22:50 - 2017-09-29 00:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-15 22:50 - 2017-09-29 00:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-15 22:50 - 2017-09-29 00:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-15 22:50 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-15 22:50 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-15 22:50 - 2017-09-20 08:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-15 22:50 - 2017-09-20 08:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-15 22:50 - 2017-09-20 08:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-15 22:49 - 2017-09-29 22:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-15 22:49 - 2017-09-29 22:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-15 22:49 - 2017-09-29 22:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-15 22:49 - 2017-09-29 22:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-15 22:49 - 2017-09-29 22:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-15 22:49 - 2017-09-29 22:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-15 22:49 - 2017-09-29 22:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-15 22:49 - 2017-09-29 22:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-15 22:49 - 2017-09-29 22:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-15 22:49 - 2017-09-29 22:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-15 22:49 - 2017-09-29 22:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-15 22:49 - 2017-09-29 22:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-15 22:49 - 2017-09-29 22:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-15 22:49 - 2017-09-29 22:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-15 22:49 - 2017-09-29 22:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-15 22:49 - 2017-09-29 22:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-15 22:49 - 2017-09-29 22:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-15 22:49 - 2017-09-29 22:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-15 22:49 - 2017-09-29 22:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-15 22:49 - 2017-09-29 22:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-15 22:49 - 2017-09-29 22:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-15 22:49 - 2017-09-29 22:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-15 22:49 - 2017-09-29 22:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-15 22:49 - 2017-09-29 22:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-15 22:49 - 2017-09-29 22:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-15 22:49 - 2017-09-29 22:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-15 22:49 - 2017-09-29 22:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-15 22:49 - 2017-09-29 22:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-15 22:49 - 2017-09-29 22:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-15 22:49 - 2017-09-29 22:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-15 22:49 - 2017-09-29 22:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-15 22:49 - 2017-09-29 22:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-15 22:49 - 2017-09-29 00:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-15 22:49 - 2017-09-29 00:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-15 22:49 - 2017-09-29 00:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-15 22:49 - 2017-09-29 00:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-15 22:49 - 2017-09-29 00:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-15 22:49 - 2017-09-29 00:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-15 22:49 - 2017-09-29 00:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-15 22:49 - 2017-09-29 00:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-15 22:49 - 2017-09-29 00:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-15 22:49 - 2017-09-29 00:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-15 22:49 - 2017-09-29 00:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-15 22:49 - 2017-09-29 00:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-15 22:49 - 2017-09-29 00:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-15 22:49 - 2017-09-29 00:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-15 22:49 - 2017-09-29 00:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-15 22:49 - 2017-09-29 00:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-15 22:49 - 2017-09-29 00:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-15 22:49 - 2017-09-29 00:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-15 22:49 - 2017-09-29 00:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-15 22:49 - 2017-09-29 00:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-15 22:49 - 2017-09-29 00:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-15 22:49 - 2017-09-29 00:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-15 22:49 - 2017-09-29 00:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-15 22:49 - 2017-09-29 00:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-15 22:49 - 2017-09-29 00:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-15 22:49 - 2017-09-29 00:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-15 22:49 - 2017-09-29 00:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-15 22:49 - 2017-09-29 00:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-15 22:49 - 2017-09-29 00:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-15 22:49 - 2017-09-29 00:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-15 22:49 - 2017-09-29 00:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-15 22:49 - 2017-09-29 00:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-15 22:49 - 2017-09-29 00:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-15 22:49 - 2017-09-29 00:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-15 22:49 - 2017-09-29 00:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-15 22:49 - 2017-09-29 00:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-15 22:49 - 2017-09-29 00:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-15 22:49 - 2017-09-29 00:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-15 22:49 - 2017-09-29 00:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-15 22:49 - 2017-09-29 00:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-15 22:49 - 2017-09-29 00:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-15 22:49 - 2017-09-29 00:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-15 22:49 - 2017-09-29 00:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-15 22:49 - 2017-09-29 00:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-15 22:49 - 2017-09-29 00:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-15 22:49 - 2017-09-29 00:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-15 22:49 - 2017-09-29 00:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-15 22:49 - 2017-09-29 00:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-15 22:49 - 2017-09-29 00:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-15 22:49 - 2017-09-29 00:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-15 22:49 - 2017-09-29 00:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-15 22:49 - 2017-09-29 00:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-15 22:49 - 2017-09-29 00:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-15 22:49 - 2017-09-29 00:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-15 22:49 - 2017-09-29 00:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-15 22:49 - 2017-09-29 00:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-15 22:49 - 2017-09-29 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-15 22:49 - 2017-09-29 00:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-10 12:46 - 2017-10-10 12:46 - 000370072 _____ (Last.fm ) C:\Users\Jon\Downloads\WinampPluginSetup_2.0.45.0.exe
2017-10-09 16:08 - 2017-10-09 16:08 - 000743760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100d.dll
2017-10-09 16:07 - 2017-10-09 16:07 - 001505104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100d.dll
2017-10-09 14:43 - 2017-10-09 14:50 - 000000000 ____D C:\stockimg_00
2017-10-08 10:19 - 2017-10-08 10:19 - 000001106 _____ C:\Users\Jon\Desktop\Electrum.lnk
2017-10-08 09:07 - 2017-10-08 09:07 - 000001130 _____ C:\Users\Jon\Desktop\MediaMonkey.lnk
2017-10-07 12:53 - 2017-10-07 12:53 - 000000516 _____ C:\Users\Jon\Documents\signed_b2b4a23d.txn
2017-10-05 13:38 - 2017-10-05 15:13 - 000000000 ____D C:\Users\Jon\Desktop\mbar
2017-10-05 12:16 - 2017-10-05 12:16 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-10-05 12:15 - 2017-10-05 12:15 - 000000000 ____D C:\WINDOWS\Options
2017-10-05 12:15 - 2017-10-05 12:15 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
2017-10-05 12:15 - 2015-05-21 22:44 - 000094864 ____N C:\WINDOWS\system32\athw10x.cat
2017-10-05 12:15 - 2015-05-21 22:44 - 000094845 ____N C:\WINDOWS\system32\athwbx.cat
2017-10-05 12:15 - 2015-05-17 23:33 - 004301304 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw10x.sys
2017-10-05 12:15 - 2015-05-17 23:33 - 004301304 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2017-10-05 12:15 - 2015-05-07 01:38 - 004274176 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2017-10-05 11:53 - 2017-10-05 12:06 - 050449664 _____ C:\Users\Jon\Downloads\TCK0001000C.exe
2017-10-05 08:46 - 2017-10-22 13:26 - 000000083 _____ C:\Users\Jon\Downloads\rufus.ini
2017-10-05 07:27 - 2017-10-05 07:27 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\41FB1FE9.sys
2017-10-04 21:32 - 2017-10-04 21:32 - 000000000 ____D C:\Users\Jon\AppData\Local\Notepad++
2017-10-04 21:32 - 2017-10-04 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-10-04 20:37 - 2017-10-08 12:19 - 000000154 _____ C:\Users\Jon\Desktop\1004.txt
2017-10-04 15:01 - 2017-10-04 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2017-10-04 15:00 - 2017-10-04 15:00 - 000000000 ____D C:\Program Files (x86)\GNU
2017-10-04 10:56 - 2017-10-04 10:59 - 074681768 _____ (MiniTool Solution Ltd. ) C:\Users\Jon\Downloads\pw102-free.exe
2017-10-03 08:27 - 2017-10-03 08:27 - 053401488 _____ C:\Users\Jon\Downloads\torbrowser-install-7.0.6_en-US.exe
2017-10-03 00:39 - 2017-10-03 00:40 - 000442368 _____ C:\Users\Jon\Downloads\Unconfirmed 527935.crdownload
2017-10-02 12:53 - 2017-10-02 12:53 - 000002290 _____ C:\Users\Jon\Documents\23957.svg
2017-10-01 20:00 - 2017-10-01 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-10-01 19:59 - 2017-10-01 19:59 - 000000000 ____D C:\Program Files (x86)\Plex
2017-10-01 09:07 - 2017-10-01 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Audio Engineering Ltd
2017-10-01 09:07 - 2017-10-01 09:07 - 000000000 ____D C:\Program Files\FocusriteUSB
2017-10-01 09:07 - 2017-06-08 13:41 - 001805320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-10-01 09:07 - 2017-06-08 13:41 - 000097960 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\Drivers\FocusriteUSBSwRoot.sys
2017-10-01 09:07 - 2017-06-08 13:41 - 000096424 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\Drivers\FocusriteUSB.sys
2017-10-01 09:07 - 2017-06-08 13:41 - 000054440 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\Drivers\FocusriteUSBAudio.sys
2017-10-01 09:05 - 2017-10-01 09:05 - 005161240 _____ (Focusrite Audio Engineering Ltd. ) C:\Users\Jon\Downloads\focusriteusbinstaller4.36.4-484.exe
2017-10-01 00:35 - 2017-09-18 16:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-01 00:35 - 2017-09-18 15:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-01 00:35 - 2017-09-18 15:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-01 00:34 - 2017-09-18 16:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-01 00:34 - 2017-09-18 16:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-01 00:34 - 2017-09-18 16:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-01 00:34 - 2017-09-18 16:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-01 00:34 - 2017-09-18 16:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-01 00:34 - 2017-09-18 16:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-01 00:34 - 2017-09-18 16:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-01 00:34 - 2017-09-18 15:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-01 00:34 - 2017-09-18 15:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-01 00:34 - 2017-09-18 15:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-01 00:34 - 2017-09-18 15:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-09-28 09:09 - 2017-09-28 09:09 - 006006600 _____ (Locktime Software) C:\Users\Jon\Downloads\netlimiter-4.0.32.0.exe
2017-09-26 21:06 - 2017-09-26 21:07 - 000966776 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Jon\Downloads\rufus-2.17p.exe
2017-09-26 14:42 - 2017-09-26 15:28 - 2852847616 _____ C:\Users\Jon\Downloads\kali-linux-xfce-2017.2-amd64.iso
2017-09-26 14:19 - 2017-09-26 14:23 - 514850816 _____ C:\Users\Jon\Downloads\blackarchlinux-netinst-2017.08.30-x86_64.iso
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-26 16:48 - 2015-10-28 20:09 - 000000000 ____D C:\ProgramData\BOINC
2017-10-26 16:44 - 2016-06-12 17:43 - 000000000 ____D C:\FRST
2017-10-26 16:30 - 2017-06-26 17:20 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Slack
2017-10-26 16:27 - 2017-04-06 12:05 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Arsclip
2017-10-26 16:25 - 2017-06-02 08:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-26 15:38 - 2017-06-02 08:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-26 15:16 - 2015-11-03 17:45 - 000000000 ____D C:\Users\Jon\.VirtualBox
2017-10-26 13:44 - 2016-07-01 20:52 - 000000000 ____D C:\Users\Jon\AppData\Roaming\TS3Client
2017-10-26 12:34 - 2017-06-03 11:57 - 000002564 _____ C:\Users\Jon\Desktop\nbjb_instructions-and-help.txt
2017-10-26 12:17 - 2015-09-28 15:52 - 000000000 ____D C:\Users\Jon\AppData\Local\CrashDumps
2017-10-26 11:09 - 2016-11-30 11:09 - 000000000 ____D C:\Users\Jon\AppData\LocalLow\Mozilla
2017-10-26 01:52 - 2015-10-22 17:32 - 000000600 _____ C:\Users\Jon\AppData\Local\PUTTY.RND
2017-10-26 01:48 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-26 01:48 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-25 21:52 - 2015-09-29 17:47 - 000001456 _____ C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-25 20:48 - 2017-07-10 10:57 - 000000000 ____D C:\ConnEtc
2017-10-25 20:47 - 2016-06-14 23:09 - 000000000 ____D C:\_distros
2017-10-25 13:19 - 2015-10-05 07:29 - 000000000 ____D C:\Users\Jon\AppData\Local\Last.fm
2017-10-25 09:05 - 2017-08-16 12:11 - 000000000 ____D C:\Users\Jon\Desktop\2017-core
2017-10-25 07:58 - 2016-05-15 08:49 - 000000000 ____D C:\Users\Jon\AppData\Roaming\MediaMonkey
2017-10-25 07:40 - 2015-12-11 01:17 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Genstake
2017-10-25 02:00 - 2015-09-25 23:16 - 000000000 ____D C:\Users\Jon\AppData\Local\Adobe
2017-10-24 17:11 - 2017-01-26 10:14 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Electrum
2017-10-24 14:35 - 2017-06-26 17:19 - 000000000 ____D C:\Users\Jon\AppData\Local\SquirrelTemp
2017-10-24 14:32 - 2017-09-06 11:52 - 000000000 ____D C:\Users\Jon\Downloads\delete
2017-10-24 11:22 - 2015-09-30 17:04 - 000000000 ___RD C:\Users\Jon\Dropbox
2017-10-24 11:12 - 2015-10-19 21:09 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-10-23 21:26 - 2015-09-28 10:03 - 000000000 ____D C:\Users\Jon\AppData\Roaming\vlc
2017-10-23 19:47 - 2017-02-23 13:27 - 000000000 ____D C:\Rufus
2017-10-23 00:13 - 2017-06-02 08:12 - 000000000 ____D C:\Users\Jon
2017-10-22 17:04 - 2015-10-19 21:07 - 000000000 ____D C:\Program Files (x86)\GridcoinResearch
2017-10-22 13:55 - 2015-09-26 19:39 - 000003690 __RSH C:\ProgramData\ntuser.pol
2017-10-22 12:05 - 2015-09-25 08:58 - 002841318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-22 12:00 - 2017-06-02 08:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-10-22 12:00 - 2017-03-18 04:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-22 11:55 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-22 11:42 - 2017-06-02 08:01 - 009423464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-22 11:35 - 2015-09-27 08:46 - 000000000 ____D C:\Users\Jon\AppData\Roaming\mIRC
2017-10-22 11:31 - 2016-11-11 17:32 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Verium
2017-10-22 11:11 - 2015-12-11 01:17 - 000000000 ____D C:\wallets
2017-10-22 10:37 - 2016-11-18 15:37 - 000000000 ____D C:\Users\Jon\AppData\Roaming\gnupg
2017-10-21 19:40 - 2015-11-25 15:11 - 000000000 ____D C:\Users\Jon\AppData\Roaming\qBittorrent
2017-10-21 17:52 - 2017-03-08 12:23 - 000000000 ____D C:\_OtherStuff
2017-10-21 17:02 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-21 17:02 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-21 16:01 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-19 12:33 - 2015-09-30 16:52 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-18 15:16 - 2015-10-09 09:26 - 000000000 ____D C:\Users\Jon\Desktop\text
2017-10-18 11:55 - 2015-11-09 14:12 - 000000000 ____D C:\ProgramData\Oracle
2017-10-18 10:56 - 2015-11-09 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-18 10:56 - 2015-11-09 14:17 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-18 10:55 - 2016-06-08 12:08 - 000000000 ____D C:\Program Files\Java
2017-10-18 10:53 - 2016-06-08 12:09 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-10-18 10:51 - 2015-11-09 14:19 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-10-18 10:04 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-17 14:44 - 2017-08-28 11:44 - 000000000 ____D C:\Broadcast 2017
2017-10-17 14:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-17 14:07 - 2017-07-26 19:25 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-17 13:59 - 2015-10-19 21:08 - 000000000 ____D C:\Users\Jon\AppData\Roaming\GridcoinResearch
2017-10-16 10:38 - 2017-09-12 15:28 - 000004648 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-16 10:26 - 2015-10-01 22:32 - 000000000 ___RD C:\Users\Jon\Podcasts
2017-10-16 10:26 - 2015-09-09 22:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-16 09:56 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-16 09:56 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-16 09:56 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-16 09:55 - 2017-03-18 14:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-16 09:55 - 2017-03-18 14:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-15 23:25 - 2015-09-25 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-15 23:07 - 2015-09-25 19:12 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-13 10:48 - 2015-09-28 13:32 - 000000132 _____ C:\Users\Jon\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-10-12 17:21 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 17:21 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 10:40 - 2015-09-26 00:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-10-12 10:40 - 2015-09-26 00:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-08 10:19 - 2017-09-02 22:16 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2017-10-08 10:19 - 2017-08-20 13:30 - 000000000 ____D C:\Program Files (x86)\Electrum
2017-10-08 09:12 - 2016-05-15 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2017-10-08 09:12 - 2016-05-15 08:49 - 000000000 ____D C:\Program Files (x86)\MediaMonkey
2017-10-07 08:19 - 2016-04-16 14:40 - 000000000 ____D C:\Program Files\Focusrite
2017-10-07 08:19 - 2015-10-17 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2017-10-05 15:39 - 2015-10-21 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-05 15:13 - 2017-03-26 00:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-05 14:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-05 13:46 - 2017-03-26 00:19 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-05 13:38 - 2017-03-26 00:18 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-05 12:15 - 2015-09-25 22:20 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-05 11:55 - 2017-05-31 20:58 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-03 21:36 - 2017-06-16 17:06 - 000000797 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-10-03 08:30 - 2016-10-11 17:11 - 000000904 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-10-01 20:03 - 2017-08-21 16:24 - 000000000 ____D C:\Users\Jon\AppData\Roaming\Magi
2017-10-01 20:01 - 2015-09-25 22:34 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-01 02:07 - 2017-01-18 00:31 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-26 16:35 - 2015-09-25 19:31 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2015-09-28 12:02 - 2017-02-17 18:53 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-09-28 13:32 - 2017-10-13 10:48 - 000000132 _____ () C:\Users\Jon\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-24 21:52 - 2017-08-28 12:30 - 000000637 _____ () C:\Users\Jon\AppData\Roaming\buttrc
2016-01-14 16:03 - 2016-01-14 16:03 - 000099384 _____ () C:\Users\Jon\AppData\Roaming\inst.exe
2015-09-28 21:36 - 2017-08-19 15:17 - 000000016 _____ () C:\Users\Jon\AppData\Roaming\msregsvv.dll
2016-01-14 16:03 - 2016-01-14 16:03 - 000007859 _____ () C:\Users\Jon\AppData\Roaming\pcouffin.cat
2016-01-14 16:03 - 2016-01-14 16:03 - 000001167 _____ () C:\Users\Jon\AppData\Roaming\pcouffin.inf
2016-01-14 16:03 - 2016-01-14 16:03 - 000000055 _____ () C:\Users\Jon\AppData\Roaming\pcouffin.log
2016-01-14 16:03 - 2016-01-14 16:03 - 000082816 _____ (VSO Software) C:\Users\Jon\AppData\Roaming\pcouffin.sys
2017-08-20 17:17 - 2017-08-28 12:18 - 000033928 _____ () C:\Users\Jon\AppData\Roaming\VoiceMeeterDefault.xml
2015-09-29 17:47 - 2017-10-25 21:52 - 000001456 _____ () C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-22 17:32 - 2017-10-26 01:52 - 000000600 _____ () C:\Users\Jon\AppData\Local\PUTTY.RND
2017-03-26 20:35 - 2017-03-26 20:35 - 000000218 _____ () C:\Users\Jon\AppData\Local\recently-used.xbel
2017-03-17 13:25 - 2017-03-17 13:25 - 000000017 _____ () C:\Users\Jon\AppData\Local\resmon.resmoncfg
2017-05-07 13:48 - 2017-05-07 13:50 - 000000177 _____ () C:\Users\Jon\AppData\Local\uts.ini
2017-03-25 22:51 - 2017-03-25 22:51 - 000000000 _____ () C:\Users\Jon\AppData\Local\zenmap.exe.log
2017-02-24 17:10 - 2017-02-24 17:10 - 000048455 _____ () C:\ProgramData\agent.1487981396.bdinstall.bin
2017-03-08 01:02 - 2017-03-08 01:02 - 000030030 _____ () C:\ProgramData\agent.uninstall.1488960112.bdinstall.bin
2017-02-27 07:30 - 2017-02-27 07:30 - 000029966 _____ () C:\ProgramData\agent.update.1488205845.bdinstall.bin
2017-03-25 16:56 - 2017-03-25 16:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-09-28 21:36 - 2017-08-19 15:17 - 000000016 _____ () C:\ProgramData\autobk.inc
2017-06-02 08:05 - 2017-06-02 08:05 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-17 09:27
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Jon (26-10-2017 16:49:02)
Running from C:\Users\Jon\Desktop\recov
Windows 10 Pro Version 1703 15063.674 (X64) (2017-06-02 16:07:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-859792479-1463366279-3842450767-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-859792479-1463366279-3842450767-503 - Limited - Disabled)
Guest (S-1-5-21-859792479-1463366279-3842450767-501 - Limited - Disabled)
Jon (S-1-5-21-859792479-1463366279-3842450767-1001 - Administrator - Enabled) => C:\Users\Jon
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Addictive Drums (HKLM-x32\...\Addictive Drums) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.11.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.11.0 - IK Multimedia)
Antares Autotune VST v5.09 (HKLM-x32\...\Antares Autotune VST_is1) (Version:  - )
Antares Filter Factory Presets Extra #1 (HKLM-x32\...\{4B20A490-18E9-44F3-9158-0FCB5E5BE14E}) (Version: 1.00.000 - )
Antares Filter VST DX v1.01 (HKLM-x32\...\Antares Filter VST DX v1.01) (Version:  - )
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArsClip (HKLM-x32\...\ArsClip_is1) (Version:  - )
ArtsAcoustic Reverb 1.5.0.5 (HKLM-x32\...\ArtsAcoustic Reverb) (Version: 1.5.0.5 - ArtsAcoustic Vertrieb GbR)
Arturia Arp2600 V v1.0 (HKLM-x32\...\Arturia Arp2600 V v1.0) (Version:  - )
Arturia Moog Modular V v1.1 (HKLM-x32\...\Arturia Moog Modular V v1.1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Barcode Generator version 6.01.07 (HKLM-x32\...\{4E846FBC-F6B3-4767-A0DF-C38D8CD0E13D}_is1) (Version: 6.01.07 - Aurora3D Software)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BOINC (HKLM\...\{1B6BCF3D-F66A-4E81-87EF-CDB97F350897}) (Version: 7.6.33 - Space Sciences Laboratory, U.C. Berkeley)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CS-80V (HKLM-x32\...\CS-80V) (Version:  - )
Custom Shop version 1.3.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.3.0 - IK Multimedia)
Dropbox (HKLM-x32\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Drumular v1.1 VSTi - WORKING (HKLM-x32\...\Drumular_is1) (Version:  - Redshift Audio)
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
Electrum (HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\Electrum) (Version: 2.9.3 - Electrum Technologies GmbH)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.1.1 - Toontrack)
EZXJazz (HKLM-x32\...\{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}) (Version: 1.0.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Focusrite USB 4.36.0.484 (HKLM\...\Focusrite USB_is1) (Version: 4.36.0.484 - Focusrite Audio Engineering Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
Gridcoin Research (HKLM-x32\...\{3E96F0A6-C7E2-414C-B96E-3B65A817E692}) (Version: 43.9 - GridcoinResearch)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Intel® C++ Redistributables for Windows* on IA-32 (HKLM-x32\...\{1E958728-CFA3-454A-A2D6-42A9FF718480}) (Version: 11.1.048 - Intel Corporation)
iZotope Ozone 4 (HKLM-x32\...\iZotope Ozone 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Jupiter-8V2 2.0 (HKLM-x32\...\Jupiter-8V2_is1) (Version:  - Arturia)
Karen's LAN Monitor (HKLM-x32\...\Karen's LAN Monitor) (Version: 1.4.0.4 - Karen Kenworthy)
Kuassa Amplifikation Creme VST (Win32) Ver.1.3.0 (HKLM-x32\...\Kuassa Amplifikation Creme VST (Win32)_is1) (Version:  - Kuassa Teknika, PT)
Kuassa Cerberus Bass Amp VST (Win32) Ver.1.0.1 (HKLM-x32\...\Kuassa Cerberus Bass Amp VST (Win32)_is1) (Version:  - Kuassa Teknika, PT)
Kuassa EVE-AT VST (Win32) Ver.1.1.1 (HKLM-x32\...\Kuassa EVE-AT VST (Win32)_is1) (Version:  - Kuassa Teknika, PT)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mellosoftron v3.1 (HKLM-x32\...\Mellosoftron v3.1) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Midnight 1.1 (HKLM-x32\...\Midnight_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
mIRC (HKLM-x32\...\mIRC) (Version: 7.49 - mIRC Co. Ltd.)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Moog Modular V 2.5 (HKLM-x32\...\Moog Modular V 2_is1) (Version:  - Arturia)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
Music Manager (HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\MusicManager) (Version:  - Google, Inc.)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version:  - )
Native Instruments B4 II (HKLM-x32\...\Native Instruments B4 II) (Version:  - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Pro52 v2.5 (HKLM-x32\...\Native Instruments Pro52 v2.5) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NXT 1.11.2 (HKLM\...\NXT 1.11.2) (Version: 1.11.2 - nxt.org)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - Andrey Prygunkov)
Octopus (HKLM-x32\...\Octopus) (Version:  - )
OEM Application Profile (HKLM-x32\...\{77A90BCD-4667-3CA8-E4B0-741A58CF1D9F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OpenVPN 2.4.3-I602  (HKLM\...\OpenVPN) (Version: 2.4.3-I602 - OpenVPN Technologies, Inc.)
Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
Orion 7.6 (HKLM-x32\...\Orion_is1) (Version:  - Synapse Audio Software)
ParseHub 43.0 (x86 en-US) (HKLM-x32\...\ParseHub 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plane9 v2.3.2.2 (HKLM-x32\...\Plane9) (Version: v2.3.2.2 - Joakim Dahl / Planestate Software)
Plex Media Server (HKLM-x32\...\{66263041-84c1-4c6d-ad3f-70c1e5fd8c75}) (Version: 1.9.2.4285 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{EAE03C2C-C259-4609-B5AD-D3A8D2E6F604}) (Version: 1.9.4285 - Plex, Inc.) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PSP Audioware Nitro v1.0.2 (HKLM-x32\...\PSP Audioware Nitro v1.0.2) (Version:  - )
PuTTY release 0.65 (HKLM-x32\...\PuTTY_is1) (Version: 0.65 - Simon Tatham)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuiteRSS version 0.18.4 (HKLM-x32\...\{372E76B7-3389-4057-B06A-53B104094844}_is1) (Version: 0.18.4 - QuiteRSS Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Red 2 & Red 3 Plug-in Suite version 1.1 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.1 - Focusrite Audio Engineering Limited)
Rob Papen SubBoomBass 1.0.3c Multi-core (HKLM-x32\...\SubBoomBass_is1) (Version:  - RPCX)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
Saurus v1.0 (HKLM-x32\...\Tone2 Saurus_is1) (Version:  - Tone2)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Skype Voice Changer (HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\d8f4b4d52e33052f) (Version: 1.4.0.0 - Mark Heath)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\slack) (Version: 2.8.2 - Slack Technologies)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
Steinberg The Grand (HKLM-x32\...\The Grand) (Version:  - )
Stopping Plex (HKLM-x32\...\{22F64911-9B44-42E7-A3A5-43490846841F}) (Version: 1.9.4285 - Plex, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TimeWorks Reverb 4080L v1.101 (HKLM-x32\...\Timeworks Reverb) (Version:  - )
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.01.0002 - Toshiba Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verium version 1.0.4 (HKLM-x32\...\Verium_is1) (Version: 1.0.4 - )
Vertus Fluid Mask 3 3.3.8 (HKLM-x32\...\VertusFluidMask3) (Version: 3.3.8 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wave Arts MasterVerb (HKLM-x32\...\Wave Arts MasterVerb) (Version: 5.30 - Wave Arts, Inc.)
Waves Diamond Bundle v5.0 (HKLM-x32\...\Waves Diamond Bundle v5.0) (Version:  - )
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-22 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
zcash4win (HKLM\...\{A6A11BAC-BFDF-4140-8213-49078EE5F14B}) (Version: 1.0.10 - Unknown)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-516FBC6179EE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-05-24] (ESET)
ContextMenuHandlers1-x32: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2013-10-07] (g10 Code GmbH)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-05-24] (ESET)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2013-10-07] (g10 Code GmbH)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-06-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-05-24] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6-x32: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01E85970-2DA9-4058-8258-6FFBA6A026EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2A19E625-78E5-4AE7-997E-882AD51D1498} - System32\Tasks\S-1-5-21-859792479-1463366279-3842450767-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {2CA80E35-EDCD-4326-981A-918CB3DBD987} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {3A91C723-7B04-4AE2-9752-41CF8D21A594} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-859792479-1463366279-3842450767-1001Core => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.)
Task: {3B969C86-6A74-4B06-85DB-2A498C069B73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-859792479-1463366279-3842450767-1001UA => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.)
Task: {5ECC23ED-E49E-4622-A17B-BDAC57E8FB3D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {637DF105-675B-4003-8B3F-57CFD3CF1EBA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-info@deadlightbulb.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {7C1E64E4-64FB-4FF5-91B0-06C72EAB38D4} - System32\Tasks\{EFAF013A-0589-4AF1-A7D2-93C80C2524F3} => C:\WINDOWS\system32\pcalua.exe -a "C:\PGP FW\PGPfreeware 7.0.3.exe" -d "C:\PGP FW"
Task: {7E633298-917F-4265-B629-7C62B0341023} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-21] (Adobe Systems Incorporated)
Task: {C64D1BC0-00FA-4A4B-B37E-BDAB3AC61076} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {CB900CAE-26CA-4911-BFDA-D885B80BDB8B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {F682EA30-8462-45CF-89B5-B81A7E542E8D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Jon\Desktop\WavesLiteApp.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kfmcaklajknfekomaflnhkjjkcjabogm
ShortcutWithArgument: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Plex.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm
ShortcutWithArgument: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WavesLiteApp.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kfmcaklajknfekomaflnhkjjkcjabogm
ShortcutWithArgument: C:\Users\Jon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Jon - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-07 07:54 - 2013-10-07 07:54 - 000218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-08-28 17:43 - 2017-08-28 17:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-25 23:19 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2017-07-14 06:26 - 2017-07-14 06:26 - 000638592 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2017-04-06 12:04 - 2017-04-06 12:05 - 005078528 _____ () C:\Program Files (x86)\ArsClip\ArsClip.exe
2015-06-08 22:35 - 2015-06-08 22:35 - 000138752 _____ () C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe
2013-10-15 14:31 - 2013-10-15 14:31 - 000106496 _____ () C:\Program Files\BOINC\zlib1.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 002139648 _____ () C:\Users\Jon\AppData\Local\slack\app-2.8.2\ffmpeg.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 000211968 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node
2017-10-24 14:34 - 2017-10-24 14:34 - 000109568 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-07-14 06:26 - 2017-07-14 06:26 - 000225696 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2017-07-14 06:26 - 2017-07-14 06:26 - 000126992 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2017-10-24 14:08 - 2017-10-24 14:08 - 018591736 _____ () C:\ProgramData\BOINC\projects\numberfields.asu.edu_NumberFields\GetDecics_2.12_windows_x86_64
2017-10-24 14:34 - 2017-10-24 14:34 - 002551296 _____ () C:\Users\Jon\AppData\Local\slack\app-2.8.2\libglesv2.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 000093184 _____ () C:\Users\Jon\AppData\Local\slack\app-2.8.2\libegl.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 000482816 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-10-24 14:34 - 2017-10-24 14:34 - 000089088 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@paulcbetts\system-idle-time\build\Release\system_idle_time.node
2017-10-24 14:34 - 2017-10-24 14:34 - 000400896 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\slack-calls.node
2017-10-24 14:34 - 2017-10-24 14:34 - 007576064 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\CallsCore.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 001484288 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\boringssl.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 000223744 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\@slack\slack-calls\build\Release\protobuf_lite.dll
2017-10-24 14:34 - 2017-10-24 14:34 - 000157184 _____ () \\?\C:\Users\Jon\AppData\Local\slack\app-2.8.2\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-08-14 09:05 - 2017-08-14 09:05 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-09-26 16:35 - 2017-09-21 00:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 16:35 - 2017-09-21 00:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2015-06-08 22:35 - 2015-06-08 22:35 - 000017408 _____ () C:\Program Files\AMD\ATI.ACE\a4\AS4.NativeProxy.dll
2013-10-07 07:49 - 2013-10-07 07:49 - 000221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 07:44 - 2013-10-07 07:44 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 07:49 - 2013-10-07 07:49 - 000069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 07:49 - 2013-10-07 07:49 - 000628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-10-07 07:47 - 2013-10-07 07:47 - 000037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-09-25 23:19 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2017-10-19 12:31 - 2017-10-17 08:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-10-19 12:31 - 2017-10-17 08:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-19 12:31 - 2017-10-17 08:47 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-04 17:58 - 2017-10-17 08:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-19 12:31 - 2017-10-17 08:47 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-19 12:31 - 2017-10-17 08:47 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-19 12:31 - 2017-10-17 08:47 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-10-19 12:31 - 2017-10-17 08:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-04 17:58 - 2017-10-17 08:47 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-04 17:58 - 2017-10-17 08:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-19 12:31 - 2017-10-17 08:47 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-19 12:31 - 2017-10-17 08:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-10-04 17:58 - 2017-10-17 08:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-04 17:58 - 2017-10-17 08:50 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-04 17:58 - 2017-10-17 08:50 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-10-04 17:58 - 2017-10-17 08:47 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-19 12:31 - 2017-10-17 08:47 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-10-19 12:31 - 2017-10-17 08:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 12:31 - 2017-10-17 08:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-10-19 12:31 - 2017-10-17 08:49 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-10-19 12:31 - 2017-10-17 08:48 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-10-19 12:31 - 2017-10-17 08:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-04 17:58 - 2017-10-17 08:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-10-19 12:31 - 2017-10-17 08:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-19 12:31 - 2017-10-17 08:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-19 12:31 - 2017-10-17 08:49 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\MultiBitHD_Backup_01262017:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Jon\Cookies:ASuo1cC072BDDVx1nR [524]
AlternateDataStreams: C:\Users\Jon\AppData\Local\i0xtFe8wBkSVVmf:6GyM09gn3HUYr1G9XjBWLM5 [2162]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-04-09 12:45 - 2017-10-11 10:40 - 000735928 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
127.0.0.1 local
127.0.0.1  
127.0.0.1  
127.0.0.1 coin-hive.com
127.0.0.1  goatse.cx       # More information on sites such as 
127.0.0.1  www.goatse.cx   # these can be found in this article
127.0.0.1  oralse.cx       # en.wikipedia.org/wiki/List_of_shock_sites
127.0.0.1  www.oralse.cx
127.0.0.1  goatse.ca
127.0.0.1  www.goatse.ca
127.0.0.1  oralse.ca
127.0.0.1  www.oralse.ca
127.0.0.1  goat.cx
127.0.0.1  www.goat.cx
127.0.0.1  1girl1pitcher.com
127.0.0.1  1girl1pitcher.org
127.0.0.1  1guy1cock.com
127.0.0.1  1man1jar.org
127.0.0.1  1man2needles.com
127.0.0.1  1priest1nun.com
127.0.0.1  1priest1nun.net
127.0.0.1  2girls1cup-free.com
127.0.0.1  2girls1cup.cc
127.0.0.1  2girls1cup.com
127.0.0.1  2girls1cup.nl
127.0.0.1  2girls1cup.ws
127.0.0.1  2girls1finger.com
 
There are 12791 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jon\Pictures\creature_.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\StartupApproved\Run: => "GizmoDriveDelegate"
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-859792479-1463366279-3842450767-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F4B9856E-6ABE-45E1-956E-3DA1E6415C55}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{87636AAC-6EB6-4406-8FE1-14DB23F7DA36}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{F805589E-F68E-45E3-A3E8-076E0E39D793}] => (Block) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{B8FF7832-3BC5-4827-88FC-4F58BA937A64}] => (Block) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{67B5B615-612F-4429-A209-368D76848FDB}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{CF20AB3E-9CA5-4BFA-8D05-81877ED8EAA8}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe
FirewallRules: [{F62DB12F-99AC-429F-BF2C-A2E31D5707B4}] => (Allow) C:\Program Files (x86)\ParseHub\parsehub.exe
FirewallRules: [{6DB52625-FA5D-43BC-96AC-B7E4310A4CA3}] => (Allow) C:\Program Files (x86)\ParseHub\parsehub.exe
FirewallRules: [UDP Query User{DF855527-22F3-4E7D-9706-5D0B26A12550}C:\program files (x86)\gridcoinresearch\gridcoinresearch.exe] => (Allow) C:\program files (x86)\gridcoinresearch\gridcoinresearch.exe
FirewallRules: [TCP Query User{2AAFCF85-0FCE-425F-A9BA-3CD57417E3B0}C:\program files (x86)\gridcoinresearch\gridcoinresearch.exe] => (Allow) C:\program files (x86)\gridcoinresearch\gridcoinresearch.exe
FirewallRules: [UDP Query User{E8E731EE-7519-4988-9F2E-403A4574A26E}C:\wallets\genstake\genstake-qt.exe] => (Allow) C:\wallets\genstake\genstake-qt.exe
FirewallRules: [TCP Query User{4B91912E-42A3-4699-A101-D50A642E9A9F}C:\wallets\genstake\genstake-qt.exe] => (Allow) C:\wallets\genstake\genstake-qt.exe
FirewallRules: [UDP Query User{A9E66D15-21FC-4083-9336-5CF61CD0677B}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe
FirewallRules: [TCP Query User{5DC3AF12-846A-4F8E-A15C-A7D3FE186B1E}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe
FirewallRules: [{CAE8DA92-798F-455B-A30A-436112F7CAC8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F6575629-8171-483A-AA81-932EBB552065}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{109A871F-BA79-4CFD-8F07-6B9C11586823}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{46802CDF-5146-41FA-843B-2FF1E97DD9B6}] => (Allow) LPort=7935
FirewallRules: [{33F11E5B-C9E5-4025-AC2E-6C739B9A9B5C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C941165F-CC2E-4225-A92F-688C59958CD7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6084A4EA-8576-4477-ADA5-B2287C4F9248}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{56E715BD-8000-4EFB-9F2E-055EE94E8E58}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{60DA20F2-3BA0-428F-9F6B-F1B7E61E0D3B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CA94E33C-B5BB-4FCB-A12A-937EC6DB5403}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EE7A2D40-1D2E-4AD4-B6DE-B038AC190021}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5EE928D9-9B38-4A2B-8B0C-AF179EE2072C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{FF8E6CBB-ACFE-424D-9DC8-6A13020A7288}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3267AAB5-7215-4489-9FDE-9B3A024BD21F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{299B2F11-B710-4EA7-B49F-6D4A80D7194C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{70328E30-DB91-42C0-9F10-A1BB601C8B55}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{769DD5E6-6D13-4A20-83CE-F5A6BB262ECD}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D4245B6F-DAAF-43EB-BE7B-9B5EE2380C8B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6BC93C9F-152B-4F42-9AA2-9F8E746C3A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69481EC3-D3FE-4F4D-A4DA-17E9E9CB81BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F910AC17-E5B3-4977-9237-65D5AA153FA9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{B9222853-5C49-4BE4-9C37-5B924BC2D314}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{8DA9B2B9-3837-4664-A4F7-FE15AD8AA465}] => (Allow) LPort=7935
FirewallRules: [{FB71EE9A-3DC5-487B-9432-142B54360AEA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{63FD22DE-3F1C-4B25-9009-9D20AA2D53B0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{71BEE594-ACE4-4AD8-8730-BE7F863D5EED}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{73D41D8F-50A9-473B-80D2-CD30F27C5692}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{042019C3-5194-4C82-9360-D90D5BB9B6AA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{16D52ADF-6017-4C77-AE02-32A13F1FAC9B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7DF1DBD4-59A7-4979-A671-17AE82726809}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6B993D53-5A01-4605-BE53-2BEF7461CFEA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3E3ED1D8-F453-431C-96E6-2A5BED2FE5FF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FCE8A37B-583A-4ED8-B5EF-60C587B7A028}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3C554B0A-8938-404A-95A4-0028DC53327B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DC14C0F4-963F-4651-8525-6241154FEF2C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{991F9129-97D0-4D39-A215-525DD268E419}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B9A4C17A-59F7-4B37-A27D-5C1131F54A44}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D9EB22DC-4F95-4F19-AA35-7D04528422BE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{52AED9F6-3EEE-4E3B-B8F7-2E7AEFD8238B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8BC4A4E2-76D4-49B2-8D6A-67B648EB4D6D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{13C7410E-6A5E-4492-9000-106813421AA8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A58BCEEC-C119-40A1-8852-7A1AD90744E2}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{579845DF-0185-4016-B60A-E60BD0294046}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{BB4EC6FE-F95A-47C4-BA49-6983BF720D18}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5EC49667-0E94-4D63-84AD-379E89D0E93C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DBB1E3FE-DA20-418D-A752-2F0903EDAE02}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D3BF3223-D6C5-4DC2-8A5F-F194D2984397}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4E35F6E6-0D33-4200-8D05-3FD9733CA7A9}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D5178084-0DFB-41E6-BFB6-F72E1FE3416C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9913AB8F-553C-43E1-90ED-ACA8D8FD4A9A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B5D914EC-7355-43B6-9C9C-4A60E3762EAC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B4862D3B-0561-4780-9399-576695811230}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7685EC41-575D-4E07-B730-50A49B7E0C10}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{B33488C4-878E-4579-B963-0E722FDD0A94}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D3CA45FF-74F8-4D17-ADAD-408644AC54B4}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{F7837A02-AA33-433E-8775-2B67184D69F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EF8F60D1-199C-4664-8D95-B81D78EBD561}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4113F25B-1704-4CD8-8DF9-78C079D328CC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2FAD9E08-CBFD-4A79-A115-2BC6B9D0EB90}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C2CA73C6-0C1B-4AB9-A84C-AE2352B1328D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D9978E58-4DAD-44CB-B832-30311DDA67B1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8A194FE4-4027-41BA-A506-DABC3BFB759A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2072744B-EE58-4EBD-9A4D-74A9F797AD40}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{7A8230BF-8440-4538-9C67-AD7F9BCB46DB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{2D95091F-C79C-4E34-B301-972DF54AE367}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{B2CB3BA9-82F0-483F-9D00-8323EACD0F00}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B8F6563F-746E-4284-8694-F6DEFB0F0F2A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{81C113AD-1C34-4CE5-A15E-6EFA6787525A}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{9EC8227F-3D83-49C8-AF93-3DA3EAF42FAF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{8E7F425A-B50E-4909-8BAB-115AE5D5F2D3}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{320956CB-3822-4452-B11D-54BC2FF9C1D0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
11-10-2017 03:39:50 Scheduled Checkpoint
15-10-2017 22:53:32 Windows Update
19-10-2017 12:33:29 Installed Gridcoin Research
22-10-2017 12:34:22 Removed Gridcoin Research
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/26/2017 01:40:20 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/26/2017 12:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: twinapi.appcore.dll, version: 10.0.15063.674, time stamp: 0xed746311
Exception code: 0xc000027b
Fault offset: 0x0000000000095a86
Faulting process id: 0x4938
Faulting application start time: 0x01d34e8efbdbf7dc
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 123ce18c-b379-4cc8-aa50-bbf73751fb02
Faulting package full name: 7566gishtaki.CalendarLiveTile_1.2.0.0_x64__hcz95sfhvvan4
Faulting package-relative application ID: App
 
Error: (10/26/2017 08:50:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 3V1L)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/26/2017 08:49:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 3V1L)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/26/2017 08:48:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 3V1L)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/26/2017 08:48:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: 3V1L)
Description: App Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen did not launch within its allotted time.
 
Error: (10/26/2017 08:47:49 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: Event-ID 15300
 
Error: (10/25/2017 08:39:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.1.34, time stamp: 0x5269b25c
Faulting module name: Photoshop.exe, version: 13.0.1.34, time stamp: 0x5269b25c
Exception code: 0xc0000005
Fault offset: 0x00000000013d2c43
Faulting process id: 0x3578
Faulting application start time: 0x01d34dea4d95e467
Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Faulting module path: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Report Id: dec22db7-eb41-40cf-9508-c3f4ea4abb5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/25/2017 04:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.1.34, time stamp: 0x5269b25c
Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f034a
Exception code: 0x40000015
Fault offset: 0x00000000000761c9
Faulting process id: 0x14c4
Faulting application start time: 0x01d34ce4f72c84b4
Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Faulting module path: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\MSVCR100.dll
Report Id: 5085ae25-0908-4861-a41c-d4d10ce505cd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/25/2017 09:19:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x27a4
Faulting application start time: 0x01d34dad0e2e2299
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 1695aea8-b931-43f6-b0ae-c0914ef31f3c
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
 
System errors:
=============
Error: (10/26/2017 04:30:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (10/26/2017 04:27:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Microsoft.Bluetooth.Profiles.Gatt.Interface.GattServerRegistrar did not register with DCOM within the required timeout.
 
Error: (10/26/2017 04:26:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/26/2017 04:26:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/26/2017 04:25:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (10/26/2017 04:25:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:16:55 PM on 10/26/2017 was unexpected.
 
Error: (10/26/2017 08:49:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/26/2017 08:49:03 AM) (Source: DCOM) (EventID: 10010) (User: 3V1L)
Description: The server Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy!WindowsDefaultLockScreen did not register with DCOM within the required timeout.
 
Error: (10/24/2017 04:12:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/24/2017 12:28:51 PM) (Source: DCOM) (EventID: 10016) (User: 3V1L)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user 3V1L\Jon SID (S-1-5-21-859792479-1463366279-3842450767-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-10-10 11:19:26.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-10 11:19:26.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-03 20:52:50.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-03 20:52:50.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-23 17:58:18.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-11 14:48:08.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-02 09:12:56.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\eOPPMonitor.dll that did not meet the Store signing level requirements.
 
  Date: 2017-06-02 09:12:50.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\eOPPMonitor.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 78%
Total physical RAM: 7102.68 MB
Available physical RAM: 1496.7 MB
Total Virtual: 14270.68 MB
Available Virtual: 6497.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.39 GB) (Free:49.6 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (G-Drive) (Fixed) (Total:931.51 GB) (Free:17.82 GB) NTFS
Drive g: (Seagate 3TB) (Fixed) (Total:2794.39 GB) (Free:1732.49 GB) NTFS
Drive i: () (Fixed) (Total:105.3 GB) (Free:7.2 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 53638525)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 149.1 GB) (Disk ID: C01DE4F4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=105.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=43.7 GB) - (Type=05)
 
========================================================
Disk: 3 (Size: 2794.5 GB) (Disk ID: 2C2DD871)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 
So that's pretty much it I guess. I really appreciate any help that is offered. Please let me know if you need any other info from me. 
 
Thanks Again!
 
J

Edited by Oh My!, 31 October 2017 - 03:51 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:02 AM

Posted 31 October 2017 - 02:13 PM

Greetings Prints and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:02 AM

Posted 31 October 2017 - 04:32 PM

Greetings,

At first glance this does not appear to be malware related. Let's see what we can find out before referring you to a more appropriate forum.
 

==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 78%

Assuming you were not doing labor intensive things on your computer at the time you ran FRST this level of memory usage is quite high. It doesn't leave you a lot of wiggle room.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-516FBC6179EE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C}
AlternateDataStreams: C:\Users\Jon\Cookies:ASuo1cC072BDDVx1nR [524]
AlternateDataStreams: C:\Users\Jon\AppData\Local\i0xtFe8wBkSVVmf:6GyM09gn3HUYr1G9XjBWLM5 [2162]
Folder: C:\stockimg_00
Folder: C:\ConnEtc
Zip: C:\WINDOWS\Minidump
cmd: chkdsk c:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Please attach the file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached Zip file

Gary
 

#4 Prints

Prints
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:03:02 AM

Posted 01 November 2017 - 03:03 PM

Hi there, Thanks much for your help. Yeah, the memory usage might be high because of everything running. I ran the FRST scan during the day while I was working on something. Chrome open with very many tabs, Thunderbird, ESET, Slack (That's about a gig there. Maybe it's a bigger problem, I don't know). But yeah, when I looked at it, it seemed a bit high.

 

Thanks for the message about the P2P programs and the info on that nasty Ransomware. I forget why I have 2 clients installed.

 

Anyhow, here is the FRST log and attached ZIP

 

Here is the zip:

https://www.dropbox.com/s/hrupe1mpodmgww9/01.11.2017_11.26.17.zip?dl=0

 

Begin log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017
Ran by Jon (01-11-2017 11:24:58) Run:1
Running from C:\_OtherStuff
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-516FBC6179EE}\InprocServer32 -> %%systemroot%%\system32\shell32.dll
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C}
AlternateDataStreams: C:\Users\Jon\Cookies:ASuo1cC072BDDVx1nR [524]
AlternateDataStreams: C:\Users\Jon\AppData\Local\i0xtFe8wBkSVVmf:6GyM09gn3HUYr1G9XjBWLM5 [2162]
Folder: C:\stockimg_00
Folder: C:\ConnEtc
Zip: C:\WINDOWS\Minidump
cmd: chkdsk c:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-859792479-1463366279-3842450767-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-516FBC6179EE} => key removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found. 
C:\Users\Jon\Cookies => ":ASuo1cC072BDDVx1nR" ADS removed successfully.
C:\Users\Jon\AppData\Local\i0xtFe8wBkSVVmf => ":6GyM09gn3HUYr1G9XjBWLM5" ADS removed successfully.
 
========================= Folder: C:\stockimg_00 ========================
 
2017-10-09 14:45 - 2017-10-09 14:45 - 000179067 ____A [2D60BDEDF91D163222DB9536675D08DB] () C:\stockimg_00\free_new_york_street_signs_vector_eps.zip
2017-10-09 14:50 - 2017-10-09 14:50 - 000130020 ____A [11383872462CEDF07408DEBB83A904E4] () C:\stockimg_00\roadway.zip
2017-10-09 14:44 - 2017-10-09 14:44 - 001391771 ____A [540EEFA77624296C06116B14277DB125] () C:\stockimg_00\street_signs_ai.zip
2017-10-09 14:49 - 2017-10-09 14:49 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\stockimg_00\free_new_york_street_signs_vector_eps
2017-10-09 14:49 - 2015-05-08 13:04 - 000772078 ____A [23168956081119024B80B48401F3FCE6] () C:\stockimg_00\free_new_york_street_signs_vector_eps\free-new-york-street-signs-vector.eps
2017-10-09 14:49 - 2015-05-10 11:48 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\stockimg_00\free_new_york_street_signs_vector_eps\__MACOSX
2017-10-09 14:49 - 2015-05-08 13:04 - 000068372 ____A [C3DCF982BF371AE70D3F927E2BE3A7C7] () C:\stockimg_00\free_new_york_street_signs_vector_eps\__MACOSX\._free-new-york-street-signs-vector.eps
2017-10-09 14:49 - 2017-10-09 14:49 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\stockimg_00\street_signs_ai
2017-10-09 14:49 - 2015-07-28 16:41 - 001748136 ____A [233411F2D7C307EE21F834CDD71B9930] () C:\stockimg_00\street_signs_ai\street signs.ai
2017-10-09 14:49 - 2015-07-29 00:35 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\stockimg_00\street_signs_ai\__MACOSX
2017-10-09 14:49 - 2015-07-28 16:41 - 000000600 ____A [043C8B4DF999D2479AC3A6EB7B64C81B] () C:\stockimg_00\street_signs_ai\__MACOSX\._street signs.ai
 
====== End of Folder: ======
 
 
========================= Folder: C:\ConnEtc ========================
 
2017-10-25 20:12 - 2017-10-25 20:10 - 000001696 ____A [7F2264DB7B4616D750E51DE348825506] () C:\ConnEtc\mykey.pem
2017-10-25 20:48 - 2017-10-25 20:27 - 000001464 ____A [10900A28F2596F149CBB87E2022504EC] () C:\ConnEtc\mykey.ppk
2017-07-10 10:56 - 2017-07-23 20:59 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\ConnEtc\PEM
2017-07-10 10:57 - 2017-05-11 21:48 - 000001696 ____A [EFE41A5C7B330881A8F79C51D8778224] () C:\ConnEtc\PEM\derbz.pem
2017-07-23 20:59 - 2017-07-23 20:59 - 000001696 ____A [36C006F6680B451ADD210CF3800C3E71] () C:\ConnEtc\PEM\one.pem
2017-07-10 11:07 - 2017-08-15 05:33 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\ConnEtc\PUBPRIV
2017-07-10 11:11 - 2017-07-10 11:11 - 000001486 ____A [D1159EF2935AF9B49152E5ACA1522FA9] () C:\ConnEtc\PUBPRIV\derbs.ppk
2017-07-10 11:08 - 2017-07-10 11:08 - 000000472 ____A [07277B2F347B96D48A4D581398D2C829] () C:\ConnEtc\PUBPRIV\derbz
2017-07-23 20:58 - 2017-07-23 20:58 - 000000468 ____A [D0D3502EF56BF0C01A1981CA9AA1542D] () C:\ConnEtc\PUBPRIV\dip.pem
2017-07-23 20:58 - 2017-07-23 20:58 - 000001482 ____A [2E754A53D8FF0E625C5DB7D1328E4A11] () C:\ConnEtc\PUBPRIV\dip.ppk
2017-08-14 20:31 - 2017-08-14 20:31 - 000000468 ____A [60CB1434B5A1BE3230E187C5658444AC] () C:\ConnEtc\PUBPRIV\vix.pem
2017-08-14 20:32 - 2017-08-14 20:32 - 000001460 ____A [D5EB685EF9DB70AB1297B1586B2693C1] () C:\ConnEtc\PUBPRIV\zip...ppk
2017-08-15 05:33 - 2017-08-21 03:15 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\ConnEtc\PUBPRIV\815
2017-08-15 05:33 - 2017-08-15 07:13 - 000000468 ____A [BEA011310ED046EC89B66D9201B19356] () C:\ConnEtc\PUBPRIV\815\latest
2017-08-15 05:34 - 2017-08-15 07:13 - 000001482 ____A [7EBBD5BA2DC41BB013217E74D8E3060A] () C:\ConnEtc\PUBPRIV\815\latest.ppk
2017-08-16 20:55 - 2017-08-16 20:55 - 000000468 ____A [12665D06D2653556B2857923F9369338] () C:\ConnEtc\PUBPRIV\815\libby
2017-08-16 20:55 - 2017-08-16 20:55 - 000001460 ____A [AE40D621776DAC60F1700AD26693FBCA] () C:\ConnEtc\PUBPRIV\815\libby.ppk
2017-08-21 03:15 - 2017-08-21 03:15 - 000001671 ____A [2E246F99B09F4E117C89CB775D8B77DF] () C:\ConnEtc\PUBPRIV\815\lybb
 
====== End of Folder: ======
 
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\Jon\Desktop\01.11.2017_11.26.17.zip
=========== Zip: End ===========
 
========= chkdsk c: =========
 
The type of the file system is NTFS.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
  711424 file records processed.                                                        
 
File verification completed.
  11017 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
  912296 index entries processed.                                                       
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered to lost and found.                    
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  100437 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  41013096 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 486951135 KB total disk space.
 440212592 KB in 527934 files.
    289656 KB in 100438 indexes.
         0 KB in bad sectors.
    838903 KB in use by the system.
     65536 KB occupied by the log file.
  45609984 KB available on disk.
 
      4096 bytes in each allocation unit.
 121737783 total allocation units on disk.
  11402496 allocation units available on disk.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 11:31:47 ====


#5 Prints


Posted 01 November 2017 - 03:10 PM

I use this hosts file, it's made to block anything remotely malicious....

 

http://someonewhocares.org/hosts/

 

that's why those weird sites are in my hosts file. I don't know how my pc would ever get connected to them, but whatever. ;)



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:02 AM

Posted 01 November 2017 - 03:12 PM

Thank you for the information.

Those hosts file entries are normal and common.

Do you recognize the folders below, the contents of which are in your Fixlog report?

C:\stockimg_00
C:\ConnEtc

Edited by Oh My!, 01 November 2017 - 03:12 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Prints


Posted 01 November 2017 - 03:16 PM

Yeah, I created ConnEtc to put some SSH keys in. Stockimg_00 is most likely from work. I do graphic design and I believe I used the contained images for something recently, that's why it's there. ;)



#8 Oh My!


Posted 01 November 2017 - 03:20 PM

I don't see any evidence of malware or system corruption. If I had to guess I would say your system is asking too much of the available memory. The only other thing I can think of is overheating when under high demand but I think that is less likely, given the memory numbers.

Are there any other concerns or issues you have?
Gary
 

#9 Oh My!


Posted 01 November 2017 - 03:25 PM

On second thought let's do a couple of other things. Maybe we can narrow it down a bit even though it is not a malware issue.

Please do this.

===================================================

Core Temp

--------------------

NOTE: Many antivirus programs will flag this as malicious software but it is not. It can be safely downloaded and launched.
  • Disable your AntiVirus and AntiSpyware applications. Sometimes you can simply select that option after right clicking on the System Tray Program icon on the lower right corner of the screen
  • Please download Core Temp and save it to your desktop
  • If you receive a warning the file is malicious you can ignore the warning and download the file anyway
  • Unzip the folder onto your Desktop
  • Double click the unzipped folder then double click Core Temp.exe
  • Monitor the core temperature both at computer idle and while stressing your computer by launching videos, multiple programs, and high demand programs all at the same time
  • Please report the readings and especially the readings if your computer freezes or shuts down
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Core temp results
  • BSOD.txt

Gary
 

#10 Prints


Posted 01 November 2017 - 03:46 PM

alright, give me a moment - I will do that :) I'll fix my post when I'm done, haha


Edited by Prints, 01 November 2017 - 03:48 PM.


#11 Oh My!


Posted 01 November 2017 - 03:47 PM

If you are up for it, see my last post I squeezed in. Post #9
Gary
 

#12 Prints


Posted 01 November 2017 - 04:22 PM

I'm hitting the max temp in Core Temp (74C). I have BOINC running GPU intensive programs, but I believe it's set to 20% usage. I opened Photoshop, and I'm working in PuTTY. I haven't crashed yet though. Temp seems like an issue to me on this laptop (Toshiba Satellite)



#13 Oh My!


Posted 01 November 2017 - 05:01 PM

Were you able to run BlueScreenView?
Gary
 

#14 Prints


Posted 02 November 2017 - 05:34 PM

I'm sorry, I forgot about that - but I did find it a good idea to buy a good cooling pad for my laptop. Its general temp is 71C-74C. It raised the max to 83C though.

 

The crashes, if I remember correctly, have to do with ntoskrnl.exe every time (though it's not the same error every time). Here is the only one in the BlueScreenView log at the moment, from Oct 17th:

 

Dump File : 101717-58578-01.dmp
Crash Time : 10/17/2017 2:04:24 PM
Bug Check String: SYSTEM_SERVICE_EXCEPTION
Bug Check Code: 0x0000003b
Parameter 1: 00000000`c0000005
Parameter 2: fffff801`fbefc0c0
Parameter 3: ffffab00`b77c5ad0
Parameter 4: 00000000`00000000
Caused By Driver: ntoskrnl.exe
Caused By Address: ntoskrnl.exe+16c580
File Description: NT Kernel & System
Product Name: Microsoft® Windows® Operating System
Company: Microsoft Corporation
File Version: 10.0.15063.674 (WinBuild.160101.0800)
Processor: x64
Crash Address: ntoskrnl.exe+16c580
Stack Address 1: EMPTY FIELD
Stack Address 2: EMPTY FIELD
Stack Address 3: EMPTY FIELD
Computer Name: EMPTY FIELD
Full Path: C:\WINDOWS\Minidump\101717-58578-01.dmp
Processors Count : 4
Major Version: 15
Minor Version: 15063
Dump File Size: 593,600
Dump File Time: 10/17/2017 2:08:39 PM

 

sorry, their HTML output is a bit lacking ;) I'm trying to fix it so it's readable. There you go :)


Edited by Prints, 02 November 2017 - 05:55 PM.
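
Added example (not part of the thread and not BlueScreenView's own code): a short Python parser for the text record pasted in post #14, decoding the 0x3B bug check parameters by Microsoft's documented layout (exception code, faulting instruction address, context record address). The function names and the small NTSTATUS table are assumptions made for this illustration.

```python
import re

# Fields copied from the BlueScreenView record in post #14 (subset).
SAMPLE = """\
Dump File : 101717-58578-01.dmp
Crash Time : 10/17/2017 2:04:24 PM
Bug Check String: SYSTEM_SERVICE_EXCEPTION
Bug Check Code: 0x0000003b
Parameter 1: 00000000`c0000005
Parameter 2: fffff801`fbefc0c0
Parameter 3: ffffab00`b77c5ad0
Parameter 4: 00000000`00000000
Caused By Driver: ntoskrnl.exe
Caused By Address: ntoskrnl.exe+16c580
"""

# Small lookup of NTSTATUS exception codes (illustrative, not exhaustive).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}

def parse_record(text):
    """Split 'Key : value' lines on the first colon, tolerating stray spaces."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            rec[key.strip()] = value.strip()
    return rec

def to_int(field):
    """64-bit values are printed as high`low hex halves; join and parse them."""
    return int(field.replace("`", ""), 16)

def triage(rec):
    code = to_int(rec["Bug Check Code"])
    params = [to_int(rec[f"Parameter {i}"]) for i in range(1, 5)]
    out = {"bugcheck": code, "name": rec.get("Bug Check String", "")}
    if code == 0x3B:  # P1 = exception code, P2 = faulting instruction, P3 = context record
        out["exception"] = NTSTATUS.get(params[0], hex(params[0]))
        out["faulting_ip"] = hex(params[1])
        out["context_record"] = hex(params[2])
    m = re.fullmatch(r"(.+)\+([0-9a-fA-F]+)", rec.get("Caused By Address", ""))
    if m:
        out["module"], out["offset"] = m.group(1), int(m.group(2), 16)
    # The kernel image is only where the fault surfaced; a record that names
    # it alone does not identify the driver or hardware that triggered it.
    out["inconclusive"] = out.get("module", "").lower() in ("ntoskrnl.exe", "ntkrnlmp.exe")
    return out

if __name__ == "__main__":
    print(triage(parse_record(SAMPLE)))
```

For this record the result is an access violation attributed to ntoskrnl.exe itself, which is why the minidump has to be opened in a debugger to see the call stack before any driver can be blamed.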


#15 Oh My!


Posted 02 November 2017 - 07:26 PM

Yes, not much help there.

At least we determined there is a heat issue.

Anything else I can help you with?
Gary
 



